[Zope] Problems with assigning proxy roles to a python script

Matt Patterson list-matt@reprocessed.org
Sat, 21 Jun 2003 19:41:06 +0100

On Saturday, June 21, 2003, at 07:12 PM, Geir B=E6kholt wrote:

> On  Sat, 21 Jun 2003 18:00:11 +0100 GMT (..19:00 where i live(GMT+2) )
> Matt Patterson asked the Zope mailinglist about the following:
>> You are not authorized to change addUserScript because you do not =
>> proxy roles. (Also, an error occurred while attempting to render the
>> standard error message.)
> That error message is not very well-worded. It really means that
> *you*, the user assigning the proxy-role cannot assign roles you don't
> have yourself.

Ah, I see - hence why I, with the Manager role, could assign Manager as =20=

a proxy to the script...

> So, if you set your manager-user up with the "adduser" role, you can
> freely asssign adduser-proxies whereever you like.


> but there is no danger related to assigning the "manager" role to the
> script if no non-managers are allowed to edit it.

Not even if the manage_edit interface was called on the script when it =20=

had the Manager proxy role? i.e. does this mean that proxy roles only =20=

apply when the script is __call__ed, and not when any of its other Zope =20=

methods (like manage_edit or document_src) are called...

> You can read more about roles and proxies here :
> http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/=20
> Security.stx

I did read that, but the example made me think that I had to be a =20
Manager to assign any proxy roles - the example was confusing on that =20=


Many thanks for the prompt response!


    Matt Patterson | Typographer
    <matt@emdash.co.uk> | http://www.emdash.co.uk/
    <matt@reprocessed.org> | http://reprocessed.org/